All Projects → codingo → Crithit

codingo / Crithit

Licence: gpl-3.0
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.

Projects that are alternatives of or similar to Crithit

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-65.93%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, infosec, security-audit, security-vulnerability, bugbounty
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+959.34%)
Mutual labels:  hacking, security-tools, penetration-testing, hacking-tool, security-audit, enumeration, offensive-security, bugbounty
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+902.2%)
Mutual labels:  hacking, security-tools, penetration-testing, hacking-tool, security-audit, enumeration, offensive-security
A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, work around wildcards, aliases and dynamic default pages.
Stars: ✭ 767 (+321.43%)
Mutual labels:  hacking, security-tools, penetration-testing, hacking-tool, security-audit, offensive-security, bugbounty
Web path scanner
Stars: ✭ 7,246 (+3881.32%)
Mutual labels:  hacking, pentesting, penetration-testing, infosec, hacking-tool, enumeration, bugbounty
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+317.58%)
Mutual labels:  hacking, security-tools, penetration-testing, hacking-tool, enumeration, bugbounty
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-36.26%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, hacking-tool, enumeration
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+378.02%)
Mutual labels:  hacking, pentesting, penetration-testing, infosec, hacking-tool, enumeration
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+134.62%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, hacking-tool, bugbounty
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+1834.62%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, hacking-tool, security-vulnerability
Cameradar hacks its way into RTSP videosurveillance cameras
Stars: ✭ 2,775 (+1424.73%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, infosec, hacking-tool
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-10.99%)
Mutual labels:  hacking, security-tools, penetration-testing, hacking-tool, security-audit, bugbounty
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+664.84%)
Mutual labels:  hacking, pentesting, penetration-testing, hacking-tool, enumeration
Pentest Notes
Collection of Pentest Notes and Cheatsheets from a lot of repos (SofianeHamlaoui,dostoevsky,mantvydasb,adon90,BriskSec)
Stars: ✭ 89 (-51.1%)
Mutual labels:  security-tools, pentesting, penetration-testing, security-audit, offensive-security
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+524.18%)
Mutual labels:  hacking, security-tools, pentesting, infosec, hacking-tool
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-36.26%)
Mutual labels:  hacking, security-tools, pentesting, hacking-tool, security-audit
Hacking Toolkit
Stars: ✭ 635 (+248.9%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, security-audit
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+298.35%)
Mutual labels:  hacking, security-tools, pentesting, hacking-tool, security-audit
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+319.78%)
Mutual labels:  hacking, security-tools, pentesting, penetration-testing, hacking-tool
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (+179.67%)
Mutual labels:  hacking, security-tools, pentesting, infosec, bugbounty


Website Directory and file brute forcing at extreme scale.

License Twitter

CritHit takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next wordlist item. The intention of brute foricng in this manner is to avoid low limit Web Application Firewall (WAF) bans and to allow brute forcing to run faster than it normally would when approaching any single host with multiple simultaneous requests.

CritHit can perform multiple verifications of results using proxy lists, as well as filter out noise by base lining websites. Additionally, if looking for a specific item over a large number of websites (to cross compare a vulnerablity over more hosts) you can build and use --signatures to write only hosts containing specific data points to an output file.

Best results can be sought from CritHit by using it as a quick "first pass" with a smaller (100 critical items) wordlist, a very large target list, and then deep diving more directly with a project such as ffuf where results are found.


Inspired by EdOverflows Megplus and TomNomNom's meg projects which have approached the same idea.

Also thank-you to Hakluke and sml555_ for refining upont the core idea, encouragement, and testing.


This runs insanely fast using default settings. If you work over a target with a shared waf over domains you will quickly face a ban. Tweak -n (timeout) and -c (threads) as needed.


Install dependancies:

  • Firstly, Download Boost 1.70 from and extract the library into any directory. A Unix build of Boost is located in /dep/ of this repository, this will need to be replaced to build for other environments.
  • Set the environment variable BOOST_ROOT to the root of the extracted library.
  • If you happen to use LibreSSL instead of OpenSSL. You need to have and on your /usr/lib directory which is included on dep/ directory on this repo.


sudo apt-get install libssl-dev

Make CMake Files (optional if in /codingo/opt)

cmake -G "Unix Makefiles" 

Make solution


Build Script

Alternatively, modify the below for your target environment:

wget ""
tar -xvzf boost_1_70_0.tar.gz
export BOOST_ROOT="/home/boost_1_70_0"
cd crithit/crithit
cmake -G "Unix Makefiles"
./crithit -w _wordlist_ -t _hostnames_


cd crithit/crithit
docker build -t crithit .
docker run -v $(pwd):/input -t crithit -w  /input/_wordlist_ -t /input/_hostnames_


Reviewing input parameters is recommended until proper documentation has been added to this repository.


   ./crithit  [--os <filename>] [--signatures <filename>] [-e <filename>]
              [-n <integer>] [--read-for <integer>] [-p <filename>]
              [--max-sockets <integer>] [-V <integer>] [-r] [-b <string>]
              [-s <string>] [-c <integer>] [-t <filename>] [-T <domain
              name>] [--verbose] -w <filename> [-o <filename>] [--]
              [--version] [-h]


   --os <filename>
     if --signatures is specified, this specifies the output file to write
     result to

   --signatures <filename>
     file containing list of signatures to look out for in top-level

   -e <filename>,  --exceptions <filename>
     filename containing words...

   -n <integer>,  --wait-for <integer>
     wait N seconds to connect/send data to server(default: 5secs)

   --read-for <integer>
     wait N seconds to receive data from server(default: 10secs)

   -p <filename>,  --proxy <filename>
     a filename containing list of proxy names and port(IP:port)

   --max-sockets <integer>
     Number of sockets to use

   -V <integer>,  --verify <integer>
     verify successful results with different proxies

   -r,  --randomize-agent
     use random user agents for requests

   -b <string>,  --statuscodesblacklist <string>
     Negative status codes (will override statuscodes if set)

   -s <string>,  --statuscodes <string>
     Positive status codes (will be overwritten with statuscodesblacklist
     if set)(default 200,204,301,302,307,401,403,408)

   -c <integer>,  --threads <integer>
     Number of threads to use(default: 12)

   -t <filename>,  --target-list <filename>
     a filename containing the list of targets

   -T <domain name>,  --target <domain name>
     the target

     be verbose with output

   -w <filename>,  --word-list <filename>
     (required)  a filename containing list of words to use

   -o <filename>,  --output <filename>
     output result to (default: stdout)

   --,  --ignore_rest
     Ignores the rest of the labeled arguments following this flag.

     Displays version information and exits.

   -h,  --help
     Displays usage information and exits.
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected]